SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 104

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Failure to define wrappers around native methods can allow unprivileged callers to invoke them and exploit inherent vulnerabilities such as buffer overflows in native libraries.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

JNI00-J

Medium

Probable

No

High

No

P4

L3

Automated Detection

Automated detection is not feasible in the fully general case. However, an approach similar to Design Fragments [Fairbanks 2007] could assist both programmers and static analysis tools.

ToolVersionCheckerDescription
Klocwork

Include Page
Klocwork_V
Klocwork_V

JAVA.NATIVE.PUBLIC
Parasoft Jtest
9.5SECURITY.IBA
Include Page
Parasoft_V
Parasoft_V
CERT.JNI00.NATIW
Implemented
Use wrapper methods to secure native methods

Related Guidelines

MITRE CWE

CWE-111, Direct Use of Unsafe JNI

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 5-3 / INPUT-3: Define wrappers around native methods

Bibliography

[Fairbanks 2007]

 


[JNI 2006]

 


[Liang 1997]

 


[Macgregor 1998]

Section 2.2.3, "Interfaces and Architectures"

...


...